As companies prepare upcoming periodic reports, they should focus on carefully reviewing and updating their risk factors. Some of the considerations may include:

• COVID Risks. As a number of business sectors improve, it may be advisable to revise COVID-related risk factors to reflect the changing economic climate.  In some cases, the focus may need to shift to address challenges in increasing production, managing supply chains, hiring workers or otherwise responding to increasing customer demand.  In other cases, companies that benefited from dramatic changes in the economy during the pandemic peak may need to address potential risks associated with a return to normalcy.  For example, consider whether recent growth trends are viewed as sustainable in light of the MD&A requirement to discuss “known trends or uncertainties” that the company “reasonably expects will have a material favorable or unfavorable impact on net sales or revenues or income.”  At the same time, it may be appropriate to continue to caution investors as to uncertainties as to the future course of the pandemic – particularly as concern with the impact of variants evolves.
• Labor Markets. Many sectors and regions are experiencing labor shortages. To the extent material, companies should consider disclosing in MD&A the effect of labor market conditions on their results of operations, and discussing possible future impacts in risk factors. 
• Hypothetical Risks. Risk factors typically include a wide range of topics intended to warn investors of potential adverse events, most of which may not have not ever materialized. These are included
  

What You Should Do First with Anonymous Reports

There has recently been a rash of similar anonymous whistleblower tips to public companies, each claiming that an unnamed company supervisor boasted about reaping profits from insider trading. The number of public companies receiving very similarly worded anonymous reports leads to the conclusion that they may be hoaxes. While the apparent scheme’s ultimate goals are unclear, companies should be very cautious about engaging with sources of such anonymous complaints, especially given the risk of ransomware and other forms of cyberattack. One theory is that these reports may be the first step in a sophisticated campaign to inject ransomware or facilitate other forms of cyberattack.

These complaints present a challenging development for ethics and compliance reporting systems, since they require companies to quickly assess whether a whistleblower report is bona fide and address issues at the intersection of ethics policies and cybersecurity controls.

Several things should be considered by a company that receives a confidential whistleblower report alleging insider trading that does not name the employee involved:

• The most immediate concern is determining whether the report appears to be authentic and legitimate (regardless of merit), and not a hoax or some form of cyberattack. Anonymous submissions should be handled in accordance with the company’s data and cybersecurity policies and procedures, since files and links are potentially dangerous vectors for cyberattacks. A senior IT employee should review the submission (without seeking to identify the purported whistleblower) and consulted in connection with any engagement
  

Companies listed on the New York Stock Exchange should review their policies on related party transactions and related processes to confirm they are consistent with recent revisions to the applicable NYSE rules.

Longstanding NYSE rules required that “an appropriate body” within listed companies review related party transactions, but did not expressly define what constituted a related party transaction. The conventional wisdom was that related party transactions referred to transactions required to be disclosed under Item 404 of Regulation S‑K, which generally requires disclosure of transactions in which (i) the amount involved exceeds $120,000 and (ii) a related party has a direct or indirect material interest.

In April, the Securities and Exchange Commission approved amendments to Section 314.00 of the NYSE Listed Company Manual. The revised NYSE rule expressly:

• Defines a related party transaction as a transaction required to be disclosed under Item 404 of Regulation S-K without applying the $120,000 threshold thereunder;
• Provides that the audit committee or comparable independent body of the board must conduct an independent prior review of all related party transactions; and
• Requires that the audit committee (or comparable independent body) prohibit related party transactions it determines to be inconsistent with the interests of the company and its shareholders.

As a result of the NYSE’s exclusion of the $120,000 transaction value threshold, for some companies the scope of related party transactions requiring review and approval by the audit committee under the NYSE rule may be broader than the related

On June 15, 2021, the SEC announced that it had settled charges against First American Financial Corporation for failures in First American’s disclosure controls and procedures.  Rule 13a-15(a) under the Exchange Act requires issuers to maintain disclosure controls and procedures designed to ensure that information required to be disclosed by an issuer in reports it files or submits under the Exchange Act is recorded, processed, summarized and reported within the time periods specified in the SEC’s rules and forms. 

According to the SEC’s order, in May 2019, company management learned from a journalist that the company was experiencing a cybersecurity vulnerability that had resulted in the inadvertent public availability of customers’ personal data.  First American responded by issuing a statement to the press explaining that the company had learned of a design defect that had resulted in “possible unauthorized access to customer data” and had taken “immediate action to address the situation and shut down external access” to the data.  A few days later, First American issued a press release that was also furnished on Form 8-K.  In the release, the company reported that there was “[n]o preliminary indication of large-scale unauthorized access to customer information.”

Contrary to these disclosures, the SEC found that the vulnerability had exposed sensitive personal data, including social security numbers, in over 800 million images of customer documents for a period dating back to as early as 2003.  The SEC also found that the senior executives of the company who were

For the past decade, anti-money laundering (“AML”) has been at the forefront of securities regulators’ priorities. Indeed, AML enforcement cases have resulted in some of the highest fines imposed by securities regulators, and even the most cursory review of SEC and FINRA annual examination priorities letters reveals AML-related concerns in virtually each of them in the past 10 years. Based on recent enforcement actions and regulatory pronouncements, this focus will continue to be top of mind for regulators and, given the relationship between AML and other headline topics, such as cybersecurity and fraud, broker-dealers should anticipate that future examinations and other regulatory inquiries will heavily focus on AML-related issues. Securities regulators continue to emphasize that any reasonable AML program must be risk-based, and firms should consider periodically conducting a 360º assessment of their AML risks (beyond the annual independent AML testing pursuant to FINRA Rule 3310(c)). At bottom, broker-dealers should be aware of, and be nimble in responding to, cybersecurity and other types of fraud-related developments, and be prepared to modify their AML program in light of their own risk assessments and material developments in the regulatory landscape.

Click here to read the Alert in full.

Today SEC Chair Gensler announced that he has directed the staff to make recommendations on “how we might freshen up Rule 10b5-1” in order to address “real cracks in our insider trading regime.”   As discussed in our March 11, 2021 post, “Wait Continues for Any SEC Public Response to Senators’ Urgent Call for Rule 10b5-1 Reform,” earlier this year several Democratic members of the Senate Committee on Banking, Housing, and Urban Affairs submitted a letter urging the SEC to consider 10b5-1 plan reforms.   That wait ended with Gensler’s announcement.      

Gensler identified four key areas of concern:

• No cooling off period before the first trade. Gensler supports consideration of proposals to mandate four- to six-month cooling off periods, citing research showing 14% of sales of restricted stock occur within 30 days of plan adoption and approximately 40% within the first two months.
• No limits on termination of plans. Gensler believes that termination of plans while insiders are aware of material nonpublic information may be “as economically significant as carrying out an actual transaction” and “undermines investor confidence.”
  • Consistent with Exchange Act Rule CDI 120.18, Gensler noted that “cancelling or amending any 10b5-1 plans calls into question whether they were entered into in good faith. If insiders don’t act in good faith when using 10b5-1 plans, those plans will not offer them an affirmative defense.”
• No mandatory disclosure requirements. Gensler believes “more disclosure regarding the adoption, modification, and terms of Rule 10b5‑1 plans
  

A trio of recent developments illustrate growing support for Environmental Social and Governance (ESG) initiatives in the U.S., as well as abroad. ESG regulatory and legal risks now appear top of mind for institutional investors, as evidenced by the events described below.

Jessica Wirth Strine of Sustainable Governance Partners (formerly with Vanguard and Blackrock) in a recent video interview noted that investors now are more aggressively voting for environmental policy change, rather than working through engagement behind the scenes.  Investors are also evaluating the interplay between ESG and EPS (Earnings Per Share).  Examples include:

• ExxonMobil announced on June 2, 2021 updated preliminary voting results, stating that a third nominee of activist hedge fund Engine No. 1 appears to have won a third board seat, in addition to the two seats announced at the May 26 annual meeting, for control of one-fourth of the company’s 12-member board. Engine No. 1 waged a campaign to force the company to adopt a “climate transition” plan resulting in net-zero emissions from the company – and its products – by 2050. Institutional investors Blackrock and Vanguard each posted voting bulletins following the meeting explaining why they voted for the dissident nominees, citing industry experience, among other things.  Shareholders also approved proposals seeking more information on lobbying activities, including climate lobbying.
• A Dutch court ordered Royal Dutch Shell to reduce its greenhouse gas emissions by 45% (compared to 2019 emissions) by 2030 and to become aligned with the climate goals of the Paris
  

Newly installed Chairman Gary Gensler announced on June 1, 2021 that he is directing the SEC staff to consider whether to revisit its recent actions with respect to proxy voting advice businesses, including:

• The SEC’s 2020 proxy rule amendments
  • As discussed in our July 24, 2020 blog, the amendments codified the SEC’s interpretation that the definition of solicitation encompassed proxy voting advice and established requirements for exemptions from the information and filing requirements.
• The SEC’s 2019 interpretation and guidance regarding solicitation
  • As discussed in our October 2019 newsletter, the SEC stated its view that proxy voting advice generally constitutes a “solicitation” subject to the federal proxy rules and explained what proxy advisers should consider disclosing in order to avoid a potential violation of Rule 14a-9 where the failure to disclose such information would render the advice materially false or misleading.

As a result of the Chairman’s announcement, the SEC staff announced later on June 1 that it has decided that it will not recommend enforcement action based on the 2019 interpretation and guidance or the 2020 amendments during this period of staff review.

In addition, the SEC staff announced that if the 2020 amendments ultimately remain in place, it will not recommend enforcement action based on their conditions for a reasonable period after any resumption by ISS of its litigation challenging the 2020 amendments and 2019 interpretation and guidance.

Following these announcements, Commissioners Pierce and Roisman

SEC Chair Gary Gensler testified yesterday before the House Committee on Financial Services about the SEC’s efforts to assess and address the market volatility that occurred in GameStop and other “meme stocks” resulting in significant price volatility and trading volume spikes earlier this year. 

Gensler said the SEC is working to determine, in the face of changes in technology and finance, how to continue to achieve core public policy goals while ensuring that the markets work for everyday investors.  Gensler cited seven factors that were at play during the volatile trading periods:

• Gamification and User Experience:  Mobile apps expanded access to capital markets, making it easy for investors to sign up, start trading, get wealth management advice, and learn about investing. The apps use a host of familiar online features, such as gamification (points, rewards, leaderboards, bonuses, and competitions), behavioral prompts and differential marketing, to increase customer engagement.
  • Gensler said the staff is preparing a request for public input to consider these issues and determine how to ensure investors using apps with these types of features are appropriately protected and how SEC rules, including Regulation Best Interest, apply in these situations. Gensler noted that many SEC regulations were written well before today’s technologies and communication practices existed and need to be re-evaluated to protect the futures, retirements and education of the investing public.

• Payment for Order Flow:  Gensler noted that in the last few years, most retail broker-dealers stopped charging fees for trades
  

In response to a variety of activities allegedly undertaken by Russia, the U.S. Government has imposed a series of additional sanctions and export control measures since early March.  Collectively, the March and April sanctions take a variety of forms, including the suspension of entry into the United States and the denial of visas to certain non-U.S. citizens, denial of government credit and financial assistance, cessation of all foreign military financing, export controls changes, expanded sanctions authority, and additional designations of blocked persons.  These sanctions may affect anyone doing business with or in Russia.  Public companies should be particularly mindful of the potential for more reporting pursuant to Section 13(r)(1)(D) of the Securities and Exchange Act of 1934 (“34 Act”) as a side effect of certain of the additional sanctions.

Additional Sanctions Introduced and More Designations Under Existing Authorities

Following the determination that the Government of the Russian Federation violated the Chemical Weapons Convention based on the Navalny attack, the U.S. Government designated multiple new parties under existing sanctions authorities.  Pursuant to Section 231 of the Countering America’s Adversaries Through Sanctions Act (“CAATSA”), the U.S. State Department added six parties to its list of persons that are part of or act for, or on behalf of, the Russian intelligence or defense sectors.  The newly added parties are:

• 27th Scientific Center;
• 48 Central Scientific Research Institute Sergiev Posad;
• 48 Central Scientific Research Institute Kirov;
• 48 Central Scientific Research Institute Yekaterinburg;
• State Scientific Research Institute of Organic Chemistry and Technology; and
• 33rd Scientific Research